M
Michael Griego
I'm having difficulty getting and 802.1x authenticated connection and
remote desktop to play nice together in XP Pro machines. The problem
exists on both wired and wireless connection where 802.1x authentication
is enforced. Basically, after the user logs in via Remote Desktop (which,
on XP, forces the console connection to become locked), the machine
becomes confused as to who it should be authenticating to the network as.
It seems like it want to switch back to the machine authentication context
(authenticating with machine credentials), however, most of the time, it
doesn't seem to do that. I have actually seen it work correctly once
where it began authenticating to the network with the machine credentials,
but usually, it gets confused then begins failing authentication, which,
of course, then gets it kicked off the network.
In my eapol.log from doing the eapol tracing, this is the kind of message
I get when the client gets confused after a user logs in via remote
desktop:
[4952] 13:58:58:694: ElEapWork: EapolPkt created at 021B8230
[4952] 13:58:58:694: ElEapMakeMessage entered
[4952] 13:58:58:694: ElParseIdentityString: DisplayString = hello
[4952] 13:58:58:694: ElParseIdentityString: LocalIdString =
[4952] 13:58:58:694: ElParseIdentityString: LocalIdString Length = 5
[4952] 13:58:58:694: ElParseIdentityString: Identity string does not contain tuples
[4952] 13:58:58:694: ElGetIdentity: Userlogged, Prev !Machine auth
[4952] 13:58:58:694: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: !MD5
[4952] 13:58:58:694: ElGetUserIdentity entered
[4952] 13:58:58:694: ElGetWinStationUserToken: GetWinStationUserToken failed for SessionId (3) with error (1008)
[4952] 13:58:58:694: ElGetWinStationUserToken: GetWinStationUserToken failed for session= (3) with error= (1008)
[4952] 13:58:58:694: ElGetUserIdentity: ElGetWinStationUserToken failed with error (1008)
[4952] 13:58:58:694: ElGetUserIdentity completed with error 1008
[4952] 13:58:58:694: ElGetIdentity: Error in ElGetUserIdentity 1008
[4952] 13:58:58:694: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: ERROR
[4952] 13:58:58:694: ElEapMakeMessage: Error in ElGetIdentity 1008
[4952] 13:58:58:694: ElEapWork: ElEapMakeMessage returned error 1008
[4952] 13:58:58:694: FSMAcquired: Error in ElEapWork 1008
I'm using PEAP authentication, and it works fine with machine auth and
normal user auth. Any thoughts?
--Mike
remote desktop to play nice together in XP Pro machines. The problem
exists on both wired and wireless connection where 802.1x authentication
is enforced. Basically, after the user logs in via Remote Desktop (which,
on XP, forces the console connection to become locked), the machine
becomes confused as to who it should be authenticating to the network as.
It seems like it want to switch back to the machine authentication context
(authenticating with machine credentials), however, most of the time, it
doesn't seem to do that. I have actually seen it work correctly once
where it began authenticating to the network with the machine credentials,
but usually, it gets confused then begins failing authentication, which,
of course, then gets it kicked off the network.
In my eapol.log from doing the eapol tracing, this is the kind of message
I get when the client gets confused after a user logs in via remote
desktop:
[4952] 13:58:58:694: ElEapWork: EapolPkt created at 021B8230
[4952] 13:58:58:694: ElEapMakeMessage entered
[4952] 13:58:58:694: ElParseIdentityString: DisplayString = hello
[4952] 13:58:58:694: ElParseIdentityString: LocalIdString =
[4952] 13:58:58:694: ElParseIdentityString: LocalIdString Length = 5
[4952] 13:58:58:694: ElParseIdentityString: Identity string does not contain tuples
[4952] 13:58:58:694: ElGetIdentity: Userlogged, Prev !Machine auth
[4952] 13:58:58:694: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: !MD5
[4952] 13:58:58:694: ElGetUserIdentity entered
[4952] 13:58:58:694: ElGetWinStationUserToken: GetWinStationUserToken failed for SessionId (3) with error (1008)
[4952] 13:58:58:694: ElGetWinStationUserToken: GetWinStationUserToken failed for session= (3) with error= (1008)
[4952] 13:58:58:694: ElGetUserIdentity: ElGetWinStationUserToken failed with error (1008)
[4952] 13:58:58:694: ElGetUserIdentity completed with error 1008
[4952] 13:58:58:694: ElGetIdentity: Error in ElGetUserIdentity 1008
[4952] 13:58:58:694: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: ERROR
[4952] 13:58:58:694: ElEapMakeMessage: Error in ElGetIdentity 1008
[4952] 13:58:58:694: ElEapWork: ElEapMakeMessage returned error 1008
[4952] 13:58:58:694: FSMAcquired: Error in ElEapWork 1008
I'm using PEAP authentication, and it works fine with machine auth and
normal user auth. Any thoughts?
--Mike